Developing new features
Manuel J. Bernal edited this page Dec 5, 2018 · 1 revision
First of all, you will need a working environment made up of at least the following components:
- 1 x Wazuh server (Wazuh manager + Wazuh API) + Splunk forwarder
- 1 x Splunk Indexer instance
Additionally, you will need the following tool:
- Git
Execute the following commands on your local development machine:
$ git clone https://github.com/wazuh/wazuh-splunk.git -b {$TAG} --single-branch --depth=1
$ cd wazuh-splunk
You now have the Wazuh App for Splunk on your local machine, ready to be modified. In the next section, we'll see how to synchronize the Wazuh app to the Splunk instance.
We need to send the modified files of the app to the Splunk instance every time we change anything:
$ rsync -avh ./SplunkAppForWazuh/ {$SPLUNK_USER}@{$SPLUNK_INSTANCE_UP}:{$SPLUNK_PATH}/etc/apps/SplunkAppForWazuh/
If you are using private SSH keys, add the following parameter to the rsync command:
-e "ssh -i /path/private_key"
Once you have sent the files to the Splunk instance, you will need to restart the service in order to apply the changes:
# {$SPLUNK_PATH}/bin/splunk restart
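The rsync step above can be wrapped so that an unset placeholder never reaches the remote host and the first run only previews the changes. This is an added example, not code from the wazuh-splunk repository; the function names and the DRY_RUN and RSYNC variables are assumptions of this example, and the restart is still run separately as shown above.

```shell
#!/bin/sh
# Added example (not from the wazuh-splunk repository): wrapper for the rsync step.
# DRY_RUN and RSYNC are assumptions of this example, not project settings.

# Print the remote destination, or fail if a placeholder was left empty or unsafe.
sync_dest() {
    user=$1 host=$2 splunk_path=$3
    for v in "$user" "$host" "$splunk_path"; do
        case $v in
            ''|-*|*' '*) return 2 ;;   # empty, option-like, or contains a space
        esac
    done
    # An empty or relative Splunk path would sync outside the Splunk install.
    case $splunk_path in
        /?*) ;;
        *) return 2 ;;
    esac
    printf '%s\n' "${user}@${host}:${splunk_path%/}/etc/apps/SplunkAppForWazuh/"
}

# usage: sync_app USER HOST SPLUNK_PATH [SSH_KEY]
sync_app() {
    dest=$(sync_dest "$1" "$2" "$3") || {
        echo "refusing to sync: check user, host and Splunk path" >&2
        return 2
    }
    key=${4:-}
    set -- -avh
    # Preview by default; set DRY_RUN=0 to actually overwrite the remote app files.
    if [ "${DRY_RUN:-1}" != 0 ]; then set -- "$@" --dry-run; fi
    if [ -n "$key" ]; then
        case $key in *' '*) echo "key path must not contain spaces" >&2; return 2 ;; esac
        set -- "$@" -e "ssh -i $key"
    fi
    "${RSYNC:-rsync}" "$@" ./SplunkAppForWazuh/ "$dest"
}

# Run only when called with arguments, e.g.: sh sync.sh splunk 10.0.0.5 /opt/splunk
if [ "$#" -ge 3 ]; then sync_app "$@"; fi
```

Run it once with the default preview, check the file list rsync reports, then repeat with DRY_RUN=0.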